Once the application is connected, a scan is initiated to pull meta data from the application. This step may take some time to complete based on the number of resources to be cataloged in your application.
As your scan progresses, the Directory tab is populated with all the users and user groups in the company that have access to the SaaS applications.
Navigate to Directory > Users or Groups tab and view the list of all users and user groups, what kind of access the user has: internal or external, role of the user, etc.
A list of resources such as files, folders and third party applications are displayed in the Resources tab. You can view details such as what kind of access the resource has, who all the resources are shared with, owner, etc.
The Files and Folders tab lists the documents and folders in your company. Toggle to the Permissions view to view the count of permissions on these documents by users.
The Resources tab lists all the third party applications that are installed by users in your company. You can view details like who all has installed these applications using the company account and what all permissions are granted.
You can also mark your domains and applications trusted. Once marked, you can view them in the filters as Non Trusted or Is Trusted. Know more
Toggle to the Users view to view the count of installed applications for each user.
To calculate the Exposure score of an Application, Qualys SSC reviews the scopes that are granted for an application and based on how dangerous a given scope can be for data exposure, that app is given a higher score.
For example, an app that only asks for profile info has less score (and lesser risk) than one that asks to read data on Google Drive or email – which has a higher score (and hence higher risk). At this time this risk scoring for apps is based on Qualys' own method and is not configurable.